[Webkit-unassigned] [Bug 161902] New: [Fetch API] Referrer and Origin header should not be considered as safe request headers

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Sep 13 04:06:47 PDT 2016 

https://bugs.webkit.org/show_bug.cgi?id=161902

            Bug ID: 161902
           Summary: [Fetch API] Referrer and Origin header should not be
                    considered as safe request headers
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: youennf at gmail.com

As stated in https://fetch.spec.whatwg.org/#cors-safelisted-request-header, Referrer and Origin are not safe request headers.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160913/8cbc355c/attachment.html>

More information about the webkit-unassigned mailing list